An electronic device having built-in software or built-in parameters is generally called a built-in (embedded) device or built-in system. Built-in devices sit at the core of home electric appliances, automobiles, railroad systems, factory manufacturing facilities and the like, and supervise and control them. With the recent trend toward mobile devices and an information-oriented society, built-in devices are increasingly connected to networks and are rapidly becoming multifunctional and large-scale, supporting the basic infrastructure of society. The range of applications of built-in devices is also expanding rapidly. As a result of these changes, demand for security of built-in devices is rising rapidly.
If a built-in device is connected to a network, it is exposed to threats via the network. A built-in device is also exposed to the threat of illegal extraction or illegal modification of the loaded software and parameters by the owner of the device itself; this threat is characteristic of built-in devices. If the program or parameters of an electronic device (built-in device) are tampered with illegally, the device behaves in a way not intended by the manufacturer; for example, the hardware may be driven beyond its tolerance limits. Tampering therefore has a large adverse effect on the reliability and security of an electronic device. Moreover, most of the functions of a built-in device are usually realized by the incorporated software and parameters, and the contents of such programs may leak through reverse engineering or the like.
As protection against illegal modification (tampering) or copying of the built-in software or parameters of an electronic device, or against leakage of their contents (extraction of the programs and parameters), the following methods have conventionally been employed:
(1) A keyed hash value or the like is used as a check code (tampering prevention).
(2) The software or parameters are encrypted and stored in the electronic device, and decrypted at the time of execution (prevention of tampering and extraction).
With either method, the key used to generate the keyed hash value, or the key used in the encryption/decryption process, must be stored in or outside the device. If the device is analyzed or the key information leaks, countermeasures (1) and (2) may be defeated.
A conventional check code method will be described with reference to FIGS. 8 to 11. FIGS. 8 and 9 are block diagrams of a conventional electronic device 10, and FIGS. 10 and 11 are operation flowcharts. FIGS. 8 and 9 illustrate tampering detection and copy prevention of a program and parameters in the electronic device, using either a check code 13 based on a keyed hash value or an encryption process. Tampering detection using the check code 13 based on the keyed hash value is conducted according to the following procedure (FIG. 10).
A control program 12 for the electronic device 10 is stored in a nonvolatile memory 11. A keyed hash value H0 is calculated from the control program 12 and a check code generating key (S01), and is written into the nonvolatile memory 11 as the check code 13 (S02). The check code generating key is stored in the electronic device 10, but it may instead be input externally via an I/O 14. These steps are conducted in advance in a secure environment, e.g., before shipment from the factory.
Subsequently, a CPU 16 executes the following process to check whether the control program 12 in the electronic device 10 has been tampered with. As shown in FIG. 9, after the power supply is turned on, or at an arbitrary timing, the CPU 16 calculates a keyed hash value H1 from the control program 12 and the check code generating key (S11). The check code generating key may be stored in the electronic device 10 in advance, or input externally via the I/O 14. The CPU 16 compares the calculated keyed hash value H1 with the check code 13 stored in the nonvolatile memory 11 (S12). If the two values coincide, the control program 12 has not been tampered with; the CPU 16 executes the control program 12, and the electronic device 10 operates normally (S13). If they do not coincide, the control program 12 has been tampered with, and the CPU 16 performs a necessary process, e.g., stopping operation of the electronic device 10 or raising an alarm (S14).
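The procedure of steps S01 to S14 above, written out as an added Go example (not code from the patent or any product it describes). HMAC-SHA256 is assumed as the concrete keyed hash; the type `Device` and the functions `Provision`, `Verify` and `Boot` are hypothetical names chosen here, and the key and program bytes are constructed samples. The comparison in S12 is done in constant time, and the last lines of `main` show the limitation stated in the text: anyone holding the check code generating key can recompute a valid check code for a modified program.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Device models nonvolatile memory 11 of FIG. 8: the control program 12
// with the check code 13 stored beside it. (Hypothetical type.)
type Device struct {
	ControlProgram []byte // control program 12
	CheckCode      []byte // check code 13, the keyed hash H0
}

// keyedHash is the keyed hash of the program under the check code generating
// key. HMAC-SHA256 is the construction assumed for this example.
func keyedHash(program, key []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(program)
	return m.Sum(nil)
}

// Provision performs S01/S02 in the secure environment: compute H0 and
// write it as check code 13 next to a copy of the program.
func Provision(program, key []byte) *Device {
	return &Device{
		ControlProgram: append([]byte(nil), program...),
		CheckCode:      keyedHash(program, key),
	}
}

// Verify performs S11/S12: recompute H1 from the stored program and compare
// it with check code 13. hmac.Equal is constant-time, so the comparison
// does not leak how many leading bytes matched.
func Verify(d *Device, key []byte) bool {
	return hmac.Equal(keyedHash(d.ControlProgram, key), d.CheckCode)
}

// Boot performs S13/S14: run the program only when the check code matches,
// otherwise stop and raise an alarm.
func Boot(d *Device, key []byte) string {
	if !Verify(d, key) {
		return "tampering detected: operation stopped, alarm raised"
	}
	return "control program executed"
}

func main() {
	key := []byte("check-code-generating-key (constructed sample)")
	program := []byte("MOV R0,#1; BL motor_ctrl") // constructed stand-in for program 12
	d := Provision(program, key)
	fmt.Println("check code 13:", hex.EncodeToString(d.CheckCode))
	fmt.Println(Boot(d, key)) // control program executed

	// One byte of the program in nonvolatile memory is modified.
	d.ControlProgram[0] ^= 0xFF
	fmt.Println(Boot(d, key)) // tampering detected: operation stopped, alarm raised

	// Limitation from the text: a holder of the key can recompute H0 for the
	// modified program, so the check code alone cannot stop a key holder.
	d.CheckCode = keyedHash(d.ControlProgram, key)
	fmt.Println(Boot(d, key)) // control program executed
}
```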
Tampering detection using the check code 13 based on the keyed hash value, combined with copy prevention of the control program 12 by means of encryption and decryption processes, will be described with reference to FIG. 11. The tampering detection method is the same as described above. Copy prevention is performed according to the following procedure.
The control program 12 in the nonvolatile memory 11 is encrypted using a cipher key K1 and stored in encrypted form. The encrypted control program 12 (an encrypted program 12a) is written over the control program 12, so the control program 12 itself no longer exists in the electronic device 10 (S21). The cipher key used in the encryption process may be stored in the electronic device 10 in advance, or input externally via the I/O 14, in the same manner as the check code generating key. The steps up to this point are conducted in advance in a secure environment, e.g., before shipment from the factory.
When the electronic device 10 is operated, the CPU 16 decrypts the encrypted program 12a back into the original control program 12 using the decryption key (S22), and executes the control program 12, thereby controlling the electronic device 10. The decryption key employed here may be stored in the electronic device 10 in advance, or input externally via the I/O 14. With these steps, the control program 12 is normally held in the electronic device 10 in encrypted form, which makes it difficult to copy the control program 12 unless the cipher key or decryption key has been obtained.
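Steps S21 and S22 as an added Go example (not code from the patent or any product it describes). AES-256-GCM is assumed as the cipher, so the same key serves as cipher key K1 and decryption key; the type `EncryptedDevice` and the functions `EncryptAndStore` and `DecryptForExecution` are hypothetical names chosen here, and the key and program bytes are constructed samples. The example also shows something the text does not spell out: because GCM is authenticated, a decryption key holder who receives a modified encrypted program 12a gets an error rather than executing altered code, and the plaintext buffer is zeroed after S21 so that the control program 12 really is gone from the device.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncryptedDevice models nonvolatile memory 11 after S21: only the encrypted
// program 12a (nonce || ciphertext || tag) remains. (Hypothetical type.)
type EncryptedDevice struct {
	EncryptedProgram []byte // encrypted program 12a
}

// newGCM builds the AES-GCM AEAD for a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAndStore performs S21 with cipher key k1 in the secure environment:
// encrypt the program, keep only the ciphertext, and zero the plaintext
// buffer so the control program 12 no longer exists on the device.
func EncryptAndStore(program, k1 []byte) (*EncryptedDevice, error) {
	aead, err := newGCM(k1)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per encryption
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, program, nil)
	for i := range program { // overwrite the plaintext (S21)
		program[i] = 0
	}
	return &EncryptedDevice{EncryptedProgram: append(nonce, ct...)}, nil
}

// DecryptForExecution performs S22: recover the control program 12 into RAM.
// GCM verifies the tag, so a modified 12a is rejected instead of executed.
func DecryptForExecution(d *EncryptedDevice, key []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(d.EncryptedProgram) < ns+aead.Overhead() {
		return nil, errors.New("stored image too short")
	}
	return aead.Open(nil, d.EncryptedProgram[:ns], d.EncryptedProgram[ns:], nil)
}

func main() {
	k1 := make([]byte, 32) // constructed AES-256 key, not a real key
	for i := range k1 {
		k1[i] = byte(i)
	}
	program := []byte("MOV R0,#1; BL motor_ctrl") // constructed stand-in for program 12
	d, err := EncryptAndStore(program, k1)
	if err != nil {
		panic(err)
	}
	fmt.Printf("plaintext buffer after S21: %q\n", program) // all zero bytes
	fmt.Printf("encrypted program 12a: %x\n", d.EncryptedProgram)

	plain, err := DecryptForExecution(d, k1)
	fmt.Printf("S22 with correct key: %q, err=%v\n", plain, err)

	_, err = DecryptForExecution(d, make([]byte, 32))
	fmt.Println("S22 with wrong key:", err)

	d.EncryptedProgram[len(d.EncryptedProgram)-1] ^= 1 // modify 12a in storage
	_, err = DecryptForExecution(d, k1)
	fmt.Println("S22 after modifying 12a:", err)
}
```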
As another piece of prior art, “A Game Machine and a Verification Apparatus” disclosed in Japanese Patent Publication No. 2001-96040 (Patent Literature 1) will be described with reference to FIGS. 12 and 13.
According to Patent Literature 1, storage encrypted data 22 (the control program 25 in encrypted form), which is encrypted using a storage cipher key, and a storage decryption key 23 (the key for decrypting the encrypted control program 22) are stored in a storage memory device 21 of a game machine 20 (S41). When the game machine 20 is operated (YES in S42), the storage encrypted data 22 is decrypted using the storage decryption key 23 and the control program 25 is executed (S43). The encryption/decryption process uses an asymmetric cryptosystem, so the cipher key and the decryption key are distinct. With this structure, the key used to encrypt the control program 25 is not stored in the game machine 20, which makes it difficult to falsify or tamper with the control program 25.
Also according to Patent Literature 1, the storage encrypted data 22 stored in the storage memory device 21 of the game machine 20 is transferred, still in encrypted form, to a verification device 30, where it is collated with collation data 32 stored in advance in the verification device 30 to verify whether it is authentic. Patent Literature 1 states that, because the control program is handled in encrypted form, leakage of the program content is also prevented.
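The scheme of Patent Literature 1 (steps S41 to S43 and the collation by the verification device 30) as an added Go example; this is not code from Patent Literature 1 or from any game machine. RSA-OAEP is assumed as the asymmetric system, with the public key acting as the storage cipher key and the private key as the storage decryption key 23; the types `GameMachine` and `VerificationDevice` and the functions `ProvisionGameMachine`, `RunGameMachine` and `Collate` are hypothetical names chosen here, and the control program is a constructed sample short enough to fit in one RSA-OAEP block (a real program would be wrapped under a symmetric key instead). The example shows the two properties the text claims: the game machine never holds the cipher key, and the verification device compares the encrypted data with its collation data without ever decrypting it.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// GameMachine models storage memory device 21: it holds storage encrypted
// data 22 and storage decryption key 23, but never the storage cipher key.
type GameMachine struct {
	StorageEncryptedData []byte          // 22: control program 25, encrypted
	StorageDecryptionKey *rsa.PrivateKey // 23: private key, decryption only
}

// VerificationDevice models verification device 30 holding collation data 32.
type VerificationDevice struct {
	CollationData []byte // 32: reference copy of the encrypted data
}

var oaepLabel = []byte("control-program-25") // constructed OAEP label

// ProvisionGameMachine performs S41 at the manufacturer: generate the key
// pair, encrypt control program 25 with the public (cipher) key, and hand the
// machine only the ciphertext plus the decryption key. The verification
// device keeps a copy of the ciphertext as collation data 32.
func ProvisionGameMachine(controlProgram []byte) (*GameMachine, *VerificationDevice, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	storageCipherKey := &priv.PublicKey
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, storageCipherKey, controlProgram, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	gm := &GameMachine{StorageEncryptedData: ct, StorageDecryptionKey: priv}
	vd := &VerificationDevice{CollationData: append([]byte(nil), ct...)}
	return gm, vd, nil
}

// RunGameMachine performs S43: decrypt data 22 with key 23 and return the
// control program 25 for execution. OAEP rejects modified ciphertext.
func RunGameMachine(gm *GameMachine) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, gm.StorageDecryptionKey, gm.StorageEncryptedData, oaepLabel)
}

// Collate is the verification device's check: the transferred data 22 is
// compared byte-for-byte with collation data 32, in constant time, without
// the verification device ever seeing the plaintext program.
func Collate(vd *VerificationDevice, transferred []byte) bool {
	return subtle.ConstantTimeCompare(vd.CollationData, transferred) == 1
}

func main() {
	program := []byte("JSR reel_spin; JSR payout") // constructed stand-in for program 25
	gm, vd, err := ProvisionGameMachine(program)
	if err != nil {
		panic(err)
	}
	plain, err := RunGameMachine(gm)
	fmt.Printf("S43 executes: %q (err=%v)\n", plain, err)
	fmt.Println("collation of authentic data 22:", Collate(vd, gm.StorageEncryptedData))

	gm.StorageEncryptedData[0] ^= 1 // data 22 modified in the storage memory
	fmt.Println("collation of modified data 22:", Collate(vd, gm.StorageEncryptedData))
	_, err = RunGameMachine(gm)
	fmt.Println("S43 on modified data 22:", err)
}
```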